Hey, I've problems to setup samba 2.0.9 ( originally it's HP CIFS/9000, but that's using 2.0.9 as basis). They problem is the current NT-Domain-Structure, because thats a very difficult setup. I try to explain it: We have 4 Logon-Domains where the users resides. One domain per location, so lets call the domain LOC1 to LOC4. Then we have more Resource-Domains, one for each department, so lets call them DEP1 and DEP2. The 4 Logon-Domains are fully trusted to each other ... but the resource-domains only trust to the Logon-Domains. The samba-server is located in domain DEP1. We have created a Machine-Account on the PDC and the smbpasswd-command to join the domain worked. Some samba-parameters: security=domain workgroup=DEP1 password server = LOC1-PDC LOC2-PDC LOC3-PDC LOC4-PDC I know that this is not like it should be, but the PDC from the DEP1-Domain would reject the authentication anyway because it doesn't have any users and it does not forwarding or something. So I tried it with the Logon-domain-pdcs. The PDCs are answering "NO_TRUSTED_SAM_ACCOUNT", which isn't what I want. I have no idea if that could work with samba, but I know that the same schema is working with ASU/9000 which was the hp-product before CIFS.Also I don't know what more information to provide, even I don't have to deep NT-knowlegde. But maybe somebody has any idea or wants more information. Any input/help is welcome. thx Martin
MCCALL,DON (HP-USA,ex1)
2002-Feb-06 12:20 UTC
[Samba] Samba 2.0.9 + NT 4.0 multiple domains
Hi Martin, You need to JOIN the domain where the majority of your user accounts are, NOT the dept domain where the resources are, and then point your password server= line to the pdc of that domain. That way, when your dept users try to attach to a samba share, the samba server will request authentication of that user to the pdc of whichever locX domain you have joined, and it should be able to authenticate that user. Hope this helps, Don -----Original Message----- From: Martin Schretzmeier [mailto:mod@aon.at] Sent: Wednesday, February 06, 2002 2:44 PM To: samba@lists.samba.org Subject: [Samba] Samba 2.0.9 + NT 4.0 multiple domains Hey, I've problems to setup samba 2.0.9 ( originally it's HP CIFS/9000, but that's using 2.0.9 as basis). They problem is the current NT-Domain-Structure, because thats a very difficult setup. I try to explain it: We have 4 Logon-Domains where the users resides. One domain per location, so lets call the domain LOC1 to LOC4. Then we have more Resource-Domains, one for each department, so lets call them DEP1 and DEP2. The 4 Logon-Domains are fully trusted to each other ... but the resource-domains only trust to the Logon-Domains. The samba-server is located in domain DEP1. We have created a Machine-Account on the PDC and the smbpasswd-command to join the domain worked. Some samba-parameters: security=domain workgroup=DEP1 password server = LOC1-PDC LOC2-PDC LOC3-PDC LOC4-PDC I know that this is not like it should be, but the PDC from the DEP1-Domain would reject the authentication anyway because it doesn't have any users and it does not forwarding or something. So I tried it with the Logon-domain-pdcs. The PDCs are answering "NO_TRUSTED_SAM_ACCOUNT", which isn't what I want. I have no idea if that could work with samba, but I know that the same schema is working with ASU/9000 which was the hp-product before CIFS.Also I don't know what more information to provide, even I don't have to deep NT-knowlegde. But maybe somebody has any idea or wants more information. Any input/help is welcome. thx Martin -- To unsubscribe from this list go to the following URL and read the instructions: lists.samba.org/mailman/listinfo/samba